emis_systems_administrator_manual
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
emis_systems_administrator_manual [2023/10/18 12:14] – [Make User Owner of both Databases] ghachey | emis_systems_administrator_manual [2024/06/18 01:27] (current) – ghachey | ||
---|---|---|---|
Line 21: | Line 21: | ||
Currently only the Windows operating system is supported. The application can be installed on any recent version of the Windows operating system. | Currently only the Windows operating system is supported. The application can be installed on any recent version of the Windows operating system. | ||
- | * Windows Server 2022, 2019, 2016 | + | * Windows Server 2022 (recommended), 2019, 2016 |
* Windows 11, 10 | * Windows 11, 10 | ||
Line 30: | Line 30: | ||
The only database engine currently supported is Microsoft SQL Server (SQL Server) with most deployments tested with the following versions: | The only database engine currently supported is Microsoft SQL Server (SQL Server) with most deployments tested with the following versions: | ||
- | * SQL Server 2022 (including Express Edition) | + | * SQL Server 2022 (including Express Edition) (recommended) |
* SQL Server 2019 (including Express Edition) | * SQL Server 2019 (including Express Edition) | ||
* SQL Server 2014 (including Express Edition) | * SQL Server 2014 (including Express Edition) | ||
Line 38: | Line 38: | ||
There is no need for an expensive license, the Express edition which is freely available will work fine for most small countries. If you don't have already a commercial license download the free version [[https:// | There is no need for an expensive license, the Express edition which is freely available will work fine for most small countries. If you don't have already a commercial license download the free version [[https:// | ||
- | <note tip>For better backup plans of the SQL database (e.g support for compression) the paid version is recommended.</ | + | <note tip>For better backup plans of the SQL database (e.g support for compression) the paid version is recommended. However, we have a nice PowerShell script combined with a Windows Schedule Task that can easily automate DB backups also.</ |
==== Install .NET Framework ==== | ==== Install .NET Framework ==== | ||
- | Install [[https:// | + | The projects in the whole solution target either 4.6, 4.6.1 and 4.6.2. The migration to target 4.8 in each project |
- | + | ||
- | <note tip>The installation might not proceed with a message that this or a later .NET framework | + | |
==== Create Account to Run the Application ==== | ==== Create Account to Run the Application ==== | ||
Line 83: | Line 81: | ||
- | ==== Make User Owner of both Databases ==== | + | ==== Make EMISWEB |
Add the **EMISWEB** user as **db_owner** of the databases created previously. You can do this by opening SSMS, browsing to the new database created early on then click **Security--Users** where you can add a new user as show in the following figure (select **Windows user** from **User Type** dropdown list). Locate the Windows account **EMISWEB** from the **User name** field and create it. | Add the **EMISWEB** user as **db_owner** of the databases created previously. You can do this by opening SSMS, browsing to the new database created early on then click **Security--Users** where you can add a new user as show in the following figure (select **Windows user** from **User Type** dropdown list). Locate the Windows account **EMISWEB** from the **User name** field and create it. | ||
Line 104: | Line 102: | ||
{{ : | {{ : | ||
+ | |||
==== Deploy the Application ==== | ==== Deploy the Application ==== | ||
+ | |||
+ | === Enable the IIS Role === | ||
+ | |||
+ | We first enable the IIS role to create the necessary folders where the app will be deployed. | ||
+ | |||
+ | To enable to **Web Server (IIS)** on the Windows Server open the **Server Manager** and find **Add Roles and Features**. Find the **Web Server (IIS)**, enable it and make sure it contains the following minimum functionalities. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | === Install Web Server Dependencies === | ||
+ | |||
+ | To avoid some minor loading errors within the IIS configuration section we can install the dependencies now as they might already be expected from the configuration in the app's Web.Config file. Currently installing the URL Rewrite should be enough https:// | ||
=== Deployment Method === | === Deployment Method === | ||
Line 149: | Line 160: | ||
On your local system, you will need to : | On your local system, you will need to : | ||
* Create a folder for this (e.g. C:\fileDb ) | * Create a folder for this (e.g. C:\fileDb ) | ||
- | * Make sure that the account running the EMIs apppool has CRUD and Create Folder permissions to this folder | + | * Make sure that the account running the EMIS apppool has CRUD and Create Folder permissions to this folder |
* Set the web.config entry | * Set the web.config entry | ||
| | ||
Line 175: | Line 186: | ||
{{ : | {{ : | ||
+ | |||
==== Web Server (IIS) ==== | ==== Web Server (IIS) ==== | ||
- | |||
- | === Enable the IIS Role === | ||
- | |||
- | To enable to **Web Server (IIS)** on the Windows Server open the **Server Manager** and find **Add Roles and Features**. Find the **Web Server (IIS)**, enable it and make sure it contains the following minimum functionalities. | ||
- | |||
- | {{ : | ||
=== Create an Application Pool === | === Create an Application Pool === | ||
Line 204: | Line 210: | ||
{{ : | {{ : | ||
- | Next on the EMIS app, choose manage app and advanced settings; | + | === Add the Website (i.e. Web Application) === |
- | {{ :sysadmin-manual: | + | This step requires that you have already copied all the app's files to the **C:\inetpub\wwwroot\** folder. |
- | And change to run in your newly created Application Pool | + | {{ : |
- | {{ : | + | Then complete the website' |
- | You may have to **Stop** and **Start** the application pool for this to take effect. Next, look for your new website in **Sites--Default Web Site**, in this case it is **miemis**. Right click it and **Convert to Application**, | + | {{ :sysadmin-manual:emis-add-website-2.png?nolink |}} |
- | {{ : | + | === Add support for HTTPS === |
+ | |||
+ | Since this app has a strong security focus it automatically redirects to https from any http connection attempt. Therefore we must add support for https. First create a self signed SSL certificate in the IIS server. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Give it details like follows. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | The newly added self signed certificate should look like this. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Go back to our new website and edit the bindings. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Add a new bindings for https like follows. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | It should results in something like this. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Now when accessing the website to it's configured bindings you will see the following. | ||
+ | |||
+ | <note tip>This is temporary as we will setup a verified SSL certificate later on eliminating this warning.</ | ||
+ | |||
+ | {{ : | ||
=== Install missing modules === | === Install missing modules === | ||
Line 255: | Line 291: | ||
+ | === Change the Self-signed SSL certificate with a LetsEncrypt Verified SSL Certificate === | ||
- | === Secure using HTTPS and LetsEncrypt === | + | The easiest and cheapest way to remove |
- | + | ||
- | The easiest and cheapest way to encrypt | + | |
- Run to deploy the certificate the first time | - Run to deploy the certificate the first time | ||
- Then setup a schedule task to renew every 3 months | - Then setup a schedule task to renew every 3 months | ||
- | When HTTPS is working it is a good idea to redirect all HTTP (non-secured) traffic to HTTPS. | + | When HTTPS is working it is a good idea to redirect all HTTP (non-secured) traffic to HTTPS. |
==== Setting Up Email ==== | ==== Setting Up Email ==== | ||
Line 440: | Line 475: | ||
- Create ssh-keys with command '' | - Create ssh-keys with command '' | ||
- Do any edits to the ''/ | - Do any edits to the ''/ | ||
- | - Start the SSH service with command '' | + | - Start the SSH service with command '' |
- Configure the backuppc user encryption keys with the command '' | - Configure the backuppc user encryption keys with the command '' | ||
- Test ssh access with '' | - Test ssh access with '' | ||
Line 465: | Line 500: | ||
=== Automate daily SQL database exports === | === Automate daily SQL database exports === | ||
- | This unfortunately can not " | + | There are two ways to achieve this: |
- | + | ||
+ | * The expensive paid version of Microsoft SQL Server can easily produce nightly backup plans from the UI. | ||
+ | * The free version of Microsoft SQL Server Express does not support this feature. However, it is not difficult to produce a script to do the backup and execute the script using the Windows Task Scheduler. This is the method used in most deployment of Pacific EMIS using a custom script on the server. | ||
=== Automate daily JasperReports exports === | === Automate daily JasperReports exports === |
emis_systems_administrator_manual.1697631282.txt.gz · Last modified: 2023/10/18 12:14 by ghachey